Merge pull request #19 from terraform-modules/feature-remove-defaults

add region and profile variables to vpc-remove-defaults
terraform-modules · Apr 8, 2021 · 2274217 · 2274217
2 parents 1342ed9 + 457cdb6
commit 2274217
Show file tree

Hide file tree

Showing 6 changed files with 116 additions and 35 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -79,3 +79,7 @@
 
 * v1.10.0 -- 20210407
   - vpc-remove-defaults created
+
+* v1.10.1 -- 20210408
+  - vpc-remove-defaults
+    - add `region` and `profile` variables
diff --git a/common/version.tf b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
-  _module_version = "1.10.0"
+  _module_version = "1.10.1"
 }
diff --git a/vpc-remove-defaults/README.md b/vpc-remove-defaults/README.md
@@ -7,12 +7,19 @@ module "vpc_defaults" {
   source = "git@github.e.it.census.gov:terraform-modules/aws-inf-setup.git//vpc-remove-defaults"
 
   account_alias         = "ma5-gov"
-  # optional
+
+  ## optional
   # enable_delete       = true
   # enable_igw_check    = true
+
+  # region              = "us-gov-west-1"
+  # profile             = "myprofile"
 }
 ```
 
+By default, it will use the current region, and it will use a profile assumed to be constructed of
+the `account_id`+`account_alias`.
+
 # Removing Defaults
 On a new account, a number of default things are set up:
 * VPC
@@ -79,6 +86,8 @@ No modules.
 | <a name="input_enable_delete"></a> [enable\_delete](#input\_enable\_delete) | Execute delete-defaults.sh script at the end of apply | `bool` | `false` | no |
 | <a name="input_enable_igw_check"></a> [enable\_igw\_check](#input\_enable\_igw\_check) | Enable check of Internet Gateway (IGW) as part of default detection | `bool` | `true` | no |
 | <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component (efs, s3, ebs, kms, role, policy, security-group). This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| <a name="input_profile"></a> [profile](#input\_profile) | AWS Config profile (required for calling the aws cli; assumed to be {account\_id}-{account\_alias}) | `string` | `""` | no |
+| <a name="input_region"></a> [region](#input\_region) | AWS Region (default takes from current executing region) | `string` | `""` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS).  Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
 
 ## Outputs

diff --git a/vpc-remove-defaults/main.tf b/vpc-remove-defaults/main.tf
@@ -8,12 +8,19 @@
 *   source = "git@github.e.it.census.gov:terraform-modules/aws-inf-setup.git//vpc-remove-defaults"
 *
 *   account_alias         = "ma5-gov"
-*   # optional
+*
+*   ## optional
 *   # enable_delete       = true
 *   # enable_igw_check    = true
+*
+*   # region              = "us-gov-west-1"
+*   # profile             = "myprofile"
 * }
 * ```
 *
+* By default, it will use the current region, and it will use a profile assumed to be constructed of
+* the `account_id`+`account_alias`.
+*
 * # Removing Defaults
 * On a new account, a number of default things are set up:
 * * VPC
@@ -43,6 +50,7 @@ locals {
   account_id          = var.account_id != "" ? var.account_id : data.aws_caller_identity.current.account_id
   account_environment = data.aws_arn.current.partition == "aws-us-gov" ? "gov" : "ew"
   region              = var.region == "" ? data.aws_region.current.name : var.region
+  profile             = var.profile == "" ? format("%v-%v", local.account_id, var.account_alias) : var.profile
 
   base_tags = {
     "Organization"          = "census:aditcio:csvd"
@@ -53,14 +61,14 @@ locals {
 
 locals {
   vpc_id                 = aws_default_vpc.default.id
-  vpc_title              = format("%v-%v-%v", local.account_id, var.account_alias, local.region)
+  vpc_title              = format("%v-%v", local.account_id, var.account_alias, local.region)
   vpc_availability_zones = toset(data.aws_availability_zones.zones.names)
   defaults_script        = "${path.root}/setup/delete-defaults.sh"
   enable_defaults        = fileexists(local.defaults_script) ? 0 : 1
 
   default_output = templatefile("${path.module}/templates/delete-defaults.sh.tpl",
     {
-      profile          = var.profile
+      profile          = local.profile
       region           = local.region
       security_group   = aws_default_security_group.default.id
       network_acl      = aws_default_network_acl.default.id
@@ -195,7 +203,7 @@ resource "null_resource" "execute_script" {
     script_created = null_resource.script.id
   }
   provisioner "local-exec" {
-    command = "./${local.defaults_script}"
+    command = "./${local.defaults_script} delete |& tee -a ${local.defaults_script}.log"
   }
 }
 
@@ -211,24 +219,3 @@ output "defaults" {
     "igw"              = var.enable_igw_check ? concat(data.aws_internet_gateway.default[*].id, list("")) : ""
   }
 }
-
-# delete resources, create script to do this from a template
-#
-#  null_resource.default_igw
-#  aws_default_security_group.default
-#  aws_default_network_acl.default
-#  aws_default_subnet.default["us-gov-east-1a"]
-#  aws_default_subnet.default["us-gov-east-1b"]
-#  aws_default_subnet.default["us-gov-east-1c"]
-#  aws_default_route_table.default
-#  aws_default_vpc_dhcp_options.default
-#  aws_default_vpc.default
-
-# delete-security-group --group-id
-# delete-internet-gateway --internet-gateway-id
-# delete-network-acl --network-acl-id
-# delete-subnet --subnet-id
-# delete-route-table --route-table-id
-# delete-dhcp-options --dhcp-options-id
-# delete-vpc --vpc-id
-
diff --git a/vpc-remove-defaults/templates/delete-defaults.sh.tpl b/vpc-remove-defaults/templates/delete-defaults.sh.tpl
@@ -1,4 +1,4 @@
-#!/bin/bash -x
+#!/bin/bash
 
 # pass any argument to script to execute and remove
 
@@ -9,12 +9,80 @@ else
   DRYRUN=""
 fi
 
-aws --profile ${profile} --region ${region}  ec2 delete-security-group --group-id ${security_group} $DRYRUN
-aws --profile ${profile} --region ${region}  ec2 delete-internet-gateway --internet-gateway-id ${igw} $DRYRUN
-aws --profile ${profile} --region ${region}  ec2 delete-network-acl --network-acl-id ${network_acl} $DRYRUN
+if [ -z "${profile}" ]
+then
+  echo "* profile is missing, exiting"
+  exit 1
+fi
+if [ -z "${region}" ]
+then
+  echo "* region is missing, exiting"
+  exit 1
+fi
+
+AWS=$(which aws 2>/dev/null)
+if [ -z $AWS ]
+then
+  echo "* cannot find aws binary, exiting"
+  exit 1
+fi
+
+if [ ! -z "${security_group}" ]
+then
+  echo "# aws --profile ${profile} --region ${region}  ec2 delete-security-group --group-id ${security_group} $DRYRUN"
+  aws --profile ${profile} --region ${region}  ec2 delete-security-group --group-id ${security_group} $DRYRUN
+else
+  echo "# skipping delete security-group, missing"
+fi
+
+if [ ! -z "${igw}" ]
+then
+  echo "# aws --profile ${profile} --region ${region}  ec2 delete-internet-gateway --internet-gateway-id ${igw} $DRYRUN"
+  aws --profile ${profile} --region ${region}  ec2 delete-internet-gateway --internet-gateway-id ${igw} $DRYRUN
+else
+  echo "# skipping delete igw, missing"
+fi
+
+if [ ! -z "${network_acl}" ]
+then
+  echo "# aws --profile ${profile} --region ${region}  ec2 delete-network-acl --network-acl-id ${network_acl} $DRYRUN"
+  aws --profile ${profile} --region ${region}  ec2 delete-network-acl --network-acl-id ${network_acl} $DRYRUN
+else
+  echo "# skipping delete network_acl, missing"
+fi
+
 %{ for sn in subnet ~}
-aws --profile ${profile} --region ${region}  ec2 delete-subnet --subnet-id ${sn} $DRYRUN
+if [ ! -z "${sn}" ]
+then
+  echo "# aws --profile ${profile} --region ${region}  ec2 delete-subnet --subnet-id ${sn} $DRYRUN"
+  aws --profile ${profile} --region ${region}  ec2 delete-subnet --subnet-id ${sn} $DRYRUN
+else
+  echo "# skipping delete subnet, missing"
+fi
 %{ endfor ~}
-aws --profile ${profile} --region ${region}  ec2 delete-route-table --route-table-id ${route_table} $DRYRUN
-aws --profile ${profile} --region ${region}  ec2 delete-dhcp-options --dhcp-options-id ${vpc_dhcp_options} $DRYRUN
-aws --profile ${profile} --region ${region}  ec2 delete-vpc --vpc-id ${vpc} $DRYRUN
+
+if [ ! -z "${route_table}" ]
+then
+  echo "# aws --profile ${profile} --region ${region}  ec2 delete-route-table --route-table-id ${route_table} $DRYRUN"
+  aws --profile ${profile} --region ${region}  ec2 delete-route-table --route-table-id ${route_table} $DRYRUN
+else
+  echo "# skipping delete route_table, missing"
+fi
+
+if [ ! -z "${vpc_dhcp_options}" ]
+then
+  echo "# aws --profile ${profile} --region ${region}  ec2 delete-dhcp-options --dhcp-options-id ${vpc_dhcp_options} $DRYRUN"
+  aws --profile ${profile} --region ${region}  ec2 delete-dhcp-options --dhcp-options-id ${vpc_dhcp_options} $DRYRUN
+else
+  echo "# skipping delete dhcp_options, missing"
+fi
+
+if [ ! -z "${vpc}" ]
+then
+  echo "# aws --profile ${profile} --region ${region}  ec2 delete-vpc --vpc-id ${vpc} $DRYRUN"
+  aws --profile ${profile} --region ${region}  ec2 delete-vpc --vpc-id ${vpc} $DRYRUN
+else
+  echo "# skipping delete vpc, missing"
+fi
+
+exit 0
diff --git a/vpc-remove-defaults/variables.tf b/vpc-remove-defaults/variables.tf
@@ -9,3 +9,16 @@ variable "enable_igw_check" {
   type        = bool
   default     = true
 }
+
+variable "region" {
+  description = "AWS Region (default takes from current executing region)"
+  type        = string
+  default     = ""
+}
+
+variable "profile" {
+  description = "AWS Config profile (required for calling the aws cli; assumed to be {account_id}-{account_alias})"
+  type        = string
+  default     = ""
+}
+